On Nov 15, 2004, at 11:48 AM, Julian Mehnle wrote:
Matt [EMAIL PROTECTED] wrote:The problem is that, as yourself and others have mentioned, the
distinction between the different categories are dependant upon personal
interpretation. What one classes as social engineering, someone else may
class as, for example, malware. Even though they can technically be the
same thing, perceptions vary, thereby making it a nigh on impossible
question to answer.
Following that logic, any distinction between spam and malware would be
artificial, too. Sorry, but I don't subscribe to this sort of nihilism.
;-)
Because there is still a difference..."commonly accepted definitions" are watering them down though :-)
Malware...bad software with bad intentions.
I think the line is pretty easy to find between viruses/worms and trojans and spam/UCE/UBE and social engineering attacks. The lines blur as they start using each other to their own advantage (viruses spreading spam from infected machines, for example) but it's clear enough that the actual virus or worm is the executable code or script, while the "click here for amazing rates!" is simply spam, and the techniques for fighting spam can be quite different from those used to stop an infectious file attachment.
I have not tried to make a distinction between social engineering and
malware. Those are orthogonal concepts. But there definitely is a
distinction between technical attacks and social engineering attacks, even
though they're somewhat overlapping.
Very correct. There's a difference between me taking your wallet and me telling you about a wonderful investment opportunity where you can double...no...triple your money in two weeks!
If it takes advantage of a bug in the OS or contains executable code or scripts that carry the intention of "infecting"...spreading/running without the user's knowledge...then I would think it's Clam's job to stop it. If it's someone trying to triple my money or beg for a place to hide a billion dollars while the sender's government falls, it's SA's job to stop it. If I wanted overlap, I'd install multiple spam filters and multiple virus filters, I don't need multiple spirus filters to try to diagnose and maintain :-)
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
